Express Mail Label No. EL690558879US 




/o-o5 -o D ^ 



5 UTILITY PATENT APPLICATION TRANSMITTAL 

(Large Entity) 

( Only for new nonprovisional applications under 37 CFR 1. 53(b)) 



Docket No. 
DE919990073US1 



Total Pages in this Submission 



TO THE ASSISTANT COMMISSIONER FOR PATENTS 
Box Patent Application 
Washington, D.C. 20231 

Transnnitted herewith for filing under 35 U.S.C. 111(a) and 37 C.F.R. 1.53(b) is a new utility patent application for an 
invention entitled: 



SYSTEM AND METHOD FOR DOWNLOADING APPLICATION COMPONENTS 
TO A CHIPCARD 



Stefan Hepper, Thomas Schaeck 



If i CONTINUATION APPLICATION, check appropriate box and supply the requisite information: 
a Continuation □ Divisional □ Continuation-in-part (CIP) of prior application No.: 
\Wiich is a: 

Q Continuation □ Divisional □ Continuation-in-part (CIP) of prior application No.: 
Which is a: 

Q Continuation □ Divisional □ Continuation-in-part (CIP) of prior application No.: 
^closed are: 

q Application Elements 

1 - S Filing fee as calculated and transmitted as described below 

2. m Specification having 26 pages and including the following: 

a. S Descriptive Title of the Invention 

b. □ Cross References to Related Applications (if applicable) 

c. □ Statement Regarding Federally-sponsored Research/Development (if applicable) 

d. □ Reference to Microfiche Appendix (if applicable) 

e. fS Background of the Invention 

f. H Brief Summary of the Invention 

g. IS Brief Description of the Drawings (if drawings filed) 

h. (a Detailed Description 

i- S Claim(s) as Classified Below 
j. lEl Abstract of the Disclosure 



o 



and invented by: ^ " -S^i 

aS^^ 



0 
■n 



Page 1 of 4 



P01ULRG/REV05 



UTILITY PATENT APPLICATION TRANSMITTAL 

(Large Entity) 

(Only for new nonprovisional applications under 37 CFR 1.53(b)) 


Docket No. 
DE919990073US1 


Total Pages in this Submission 






Application Elements (Continued) 




3. 


H 


Drawing(s) (wlien necessary as prescribed by 35 USC 113) 






a. 


□ Formal Number of Sheets 






b. 


S Informal Number of Sheets Four (4) 




4. 


m 


Oath or Declaration 






a. 


□ Newly executed (original or copy) ® Unexecuted 






u. 


□ Copy from a prior application (37 CFR 1 .63(d)) (for continuation/divisional application only) 




c. 


H With Power of Attorney □ Without Power of Attorney 






d. 


□ DELETION OF INVENTORfS) 








Signed statement attached deleting inventor(s) named in the prior application, 






see 37 C.F.R. 1.63(d)(2) and 1.33(b). 






□ 


Incorporation By Reference (usable if Box 4b is checked) 








The entire disclosure of the prior application, from which a copy of the oath or declaration is supplied 






under Box 4b, is considered as being part of the disclosure of the accompanying application and Is hereby 






incorporated by reference therein. 






□ 


Computer Program in Microfiche (Appendix) 






□ 


Nucleotide and/or Amino Acid Sequence Submission (if applicable, all must be Included) 




a. 


□ Paper Copy 






b. 


□ Computer Readable Copy (identical to computer copy) 






c. 


□ Statement Verifying Identical Paper and Computer Readable Copy 








Accompanying Application Parts 




8. 


□ 


Assignment Papers (cover sheet & document(s)) 




9. 


□ 


37 CFR 3.73(B) Statement (when there is an assignee) 




10. 


□ 


English Translation Document (if applicable) 




11. 


□ 


Information Disclosure Statement/PTO-1449 □ Copies of IDS Citations 


12. 


□ 


Preliminary Amendment 




13. 


m 


Acknowledgment postcard 




14. 


m 


Certificate of Mailing 








□ First Class H Express Mail ('Spec/^ Late/ A/o.;; EL690558879US j 



Page 2 of 4 



P01ULRG/REV05 



UTILITY PATENT APPLICATION TRANSMITTAL 

(Large Entity) 

(Only for new nonprovisional applications under 37 CFR 1 53(b)) 



Docket No. 
DE919990073US1 



Total Pages in this Submission 



Accompanying Application Parts (Continued) 

15. H Certified Copy of Priority Docunnent(s) (if foreign priority is claimed) 



16. □ Additional Enclosures (please identify below): 



\n7. □ 



Request That Application Not Be Published Pursuant To 35 U.S.C. 122(b)(2) 

Pursuant to 35 U.S.C. 122(b)(2), Applicant hereby requests that this patent application not be 
published pursuant to 35 U.S.C. 122(b)(1). Applicant hereby certifies that the invention disclosed 
in this application has not and will not be the subject of an application filed in another country, or 
under a multilateral international agreement, that requires publication of applications 18 months 
after filing of the application. 

Warning 

An applicant who maizes a request not to publish, but who subsequently files in a foreign 
country or under a multilateral international agreement specified in 35 as.C. 
122(b)(2)(B)(i), must notify the Director of such filing not later than 45 days after the date of 
the filing of such foreign or international application, A failure of the applicant to provide 
such notice within the prescribed period shall result in the application being regarded as 
abandoned, unless it is shown to the satisfaction of the Director that the delay in 
submitting the notice was unintentional. 



Page 3 of 4 



PG1ULRG/REV05 



UTILITY PATENT APPLICATION TRANSMITTAL 

(Large Entity) 

(Only for new nonprovisional applications under 37 CFR 1 53(b)) 



Docket No. 
DE919990073US1 



Total Pages in this Submission 



Fee Calculation and Transmittal 



CLAIMS AS FILED 



For 



#Filed 



#Allowed 



#Extra 



Rate 



Fee 



Total Claims 



20 



20 = 



$18,00 



$0.00 



Mep. Claims 



3 = 



$80.00 



$80.00 



ipjitiple Dependent Claims (check if applicable) □ 



$0.00 



BASIC FEE 



$710.00 



OTHER FEE (specify purpose) 



$0.00 



TOTAL FILING FEE 



$790.00 



□ A check in the amount of to cover the filing fee is enclosed. 

IS The Commissioner is hereby authorized to charge and credit Deposit Account No. 09-0463 (IBM) 
as described below. A duplicate copy of this sheet is enclosed. 

H Charge the amount of S790,00 as filing fee. 

® Credit any overpayment. 

S Charge any additional filing fees required under 37 C.F.R. 1.16 and 1.17. 
□ Charge the issue fee set in 37 C.F.R. 1.18 at the mailing of the Notice of Allowance, 
pursuant to 37 C.F.R. 1 .31 1 (b). ^ 



Dated: October */ , 2000 



cc: 



^nature 

Kevin P. Radigan, Esq. 
Reg. No. 31,789 

HESLIN & ROTHENBERG, P.C. 
5 Columbia Circle 
Albany, NY 12203 
Telephone (518) 452-5600 
Facsimile (518) 452-5579 



Page 4 of 4 



P01ULRG/REV05 



o 

CERTIFICATE OF MAILING BY "EXPRESS MAIL" K 



In Re Application of: Hepper et al. 



Title: SYSTEM AND METHOD FOR DOWNLOADING APPLICATION S 

COMPONENTS TO A CHIPCARD -n 

Attorney Docket No.: DE919990073US1 (0560,342) 



"EXPRESS MAIL" MAILING LABEL NO. EL69Q558879US 
Date of Deposit October ^ , 2000 



I hereby certify that this paper is being deposited 
with the U.S. Postal Service "Express Mail Post Office 
to Addressee" service under 37 CFR 1.10 on the date 
indicated above and addressed to: 

BOX PATENT APPLICATION 

ASSISTANT COMMISSIONER FOR PATENTS 

WASHINGTON, D.C. 20231 



Jill K. Becker 

(Typed or p^fTnt^i name of person mailing paper or fee) 

v~-lz/ ^ AiJ 

(Signature person mailing paper or fee) 
Enclosures: 

^ Utility Patent Application Transmittal Letter (4 pages) 
(in duplicate) 
U.S. Patent Application which includes: 

Specification (13 pages) f 20 Claims (11 pages) ^ 
Abstract (2 pages) 

* Four (4) sheets of Informal Drawings 

^ Certified Copy of German Patent Application No. 199 47 986.0 
^ Declaration and Power of Attorney for Patent Application 
(unexecuted) (3 pages) 

* Two (2) Acknowledgment Postcards 



SYSTEM MID METHOD FOR DOWNLOADING APPLICATION 
COMPONENTS TO A CHIPCARD 

Technical Field 

5 The present invention describes a system and method for 

downloading application components via distributed systems 
to chipcards, in particular to chipcards which are already 
in use. 

Background of the Invention 

10 Normally chipcards are shipped with prepared on-card 

application components . 

These on-card application components permit 
communication between the chipcard and the chipcard 
applications, the so-called off-card applications, which are 

15 installed on a terminal, e.g. a server system. The chipcard 
- i.e. the on-card application component - communicates via 
a chipcard reader with this off-card application. Modern 
chipcards, so-called multifunction chipcards such as Java 
Cards or Smart Cards for Windows, have additional 

20 functionality permitting on-card application components to 
be mounted on the chipcard retrospectively, i.e. after the 
chipcard has been shipped (see FIG. 1) . In such cases the 
on-card application components are downloaded from the 
terminal to the chipcard via the chipcard reader. 



25 



VISA, for example, has defined an Open Platform 

Specification describing the commands between the off-card 
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application and the on-card application component;^ the on- 
card interface and the security standards. OCF (Open Card 
Framework) and Microsoft's PC/SC on the other side address 
the communication between the application, the chipcard 
5 reader and the chipcard. 

The more widespread use of distributed systems has 
resulted in an increasing need for downloading of on-card 
application components to the chipcard via distributed 
systems. The risks of such methods are obvious. The network 

10 is subject to varying loads, so the download may take a long 
time depending on capacity. Another key aspect in this 
context is security. All data transfers from the server via 
the client to the chipcard must be safeguarded. It must be 
ensured that a simple, secure authentication and encryption 

15 method which responds to the varying loads on the network is 
used when downloading application components. 

At present, however, no systems or methods are believed 
to address this possibility. 

Summary of the Invention 

20 It is therefore the object of the present invention to 

deliver a system and method for downloading application 
components via distributed systems to a chipcard in a simple 
manner, taking account of the necessary security checks. 
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This object is fulfilled by the characteristics of 
Claims 1, 17, 18 and 20. Advantageous embodiments of the 
present invention are presented in the sub-claims. 

The advantages of the present invention lie in the fact 
5 that downloading of the application components is divided 
into two stages. 



The first stage occurs on the server only, and ensures 
that not every command to download the application 
components is sent individually over the network. This is 

10 effected by means of an optimized protocol which bundles the 
individual commands to download the application component 
into a command sequence and sends it as a data packet over 
the network. This reduces the time required for downloading 
application components over the network. Each command within 

15 the command sequence is assigned a digital signature and, 
where appropriate, encrypted. This ensures that only 
authenticated commands are accepted by the chipcard. 

In this way this invention meets security requirements 
for the transfer of data via distributed systems, in 
20 particular the Internet. 

The second stage occurs between the client and the 
chipcard, and ensures that the data packets are unpacked and 
sent individually to the chipcard. 
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All security-relevant keys and certificates are stored 
on the secure server. Communication between the client and 
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the server runs preferentially via SSL (Secure Sockets 
Layer) as the transfer protocol. Misuse of the inventive 
system/method is thereby rendered much more difficult. 

Additional features and advantages are realized through 
5 the techniques of the present invention. Other embodiments 
and aspects of the invention are described in detail herein 
and are considered a part of the claimed invention. 

Brief Description of the Drawings 

The subject matter which is regarded as the invention 
10 is particularly pointed out and distinctly claimed in the 
claims at the conclusion of the specification. The 
foregoing and other objects, features, and advantages of the 
invention are apparent from the following detailed 
description taken in conjunction with the accompanying 
15 drawings in which: 



FIG. 1 shows the state of the art of 
communication between the off-card application and 
on-card application component. 

FIG. 2 shows a distributed communications 
20 architecture on which the present invention is 

based. 
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FIG. 3 shows the inventive steps involved in 
downloading on-card application components from a 
server over a network to a chipcard. 

FIG. 4 shows the inventive architecture in 
5 accordance with FIG. 3 in a Java implementation. 

FIG. 5 shows the inventive steps involved in 
downloading on-card application components from a 
server over a network to a chipcard in a Java 
implementation . 

10 Best Mode for Carrying Out the Invention 

FIG. 1 shows the state of the art in downloading of on- 
card application components from a terminal to the chipcard 
and in communication between the on-card application 
component and off -card application. In the state of the art 

15 the chipcard applications consist of an off-card application 
stored on a terminal and an on-card application component 
stored on the chipcard in the nonvolatile memory (see 
FIG.l). The terminal consists of a data processing unit with 
a chipcard reader and the corresponding driver software for 

20 the chipcard reader. The on-card application component 
communicates with the off-card application over several 
layers. Layer 1 defines the physical transfer protocol. 
Layer 2 superimposes that protocol with a logical, byte- 
oriented protocol. Layer 3 maps higher programming language 

25 on layer 2. An example of layer 1 is the 

protocol T=0, T=l (ISO/IEC7816-3) , layer 2 APDU 
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protocol (ISO/7816-4), layer 3 OCF (Open Card Framework) or 
peso ( ) . 

Normally the on-card application component is 
transferred to the chipcard via a loader application which 
5 runs on the terminal. In this process suitable chipcard 

commands are used (e.g. for file-oriented chipcards "CREATE'' 
and ''UPDATE" commands) . At present no solution for the 
transfer of on-card application components via distributed 
systems to the chipcard is yet known. 

10 FIG. 2 shows the inventive architecture of the present 

invention. The inventive architecture is based on a 
client/server architecture. The client communicates with the 
server over a network, e.g. the Internet or an Intranet. The 
client is connected to a chipcard reader and only the server 

15 has access to the secret keys required to download on-card 
application components to the chipcard. The keys may either 
be stored on the server itself or on another system to which 
the server has access. The chipcard is protected against 
unauthorized downloading of on-card application components 

20 in such a way that it only accepts commands when they are 

signed and/or encrypted with the correct keys. On the client 
a runtime program must exist which communicates both with 
the chipcard and with the server and which implements a 
protocol dependent on the respective chipcard. 

25 This protocol specifies when which messages must be 

exchanged with the chipcard and the server. On the server a 
runtime program must exist which communicates with the 
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client and uses the keys accessible to the server as 
necessary, and which implements a protocol specifying when 
which messages must be exchanged with the client and when 
which keys must be used. The chipcards used are common 
chipcards (such as Java Cards or file-oriented chipcards) 
which do not have to be adapted for the present invention. 

FIG. 3 shows the inventive steps for downloading of on- 
card application components from a server over a network to 
a chipcard. 

The client establishes communication with the chipcard 
and with the server. 

The client sends a request to the server for an on-card 
application component (application component A) to be placed 
on the chipcard. The client and server communicate 
preferentially via TCP/IP or HTTP. 

The server sends a response to the client with the 
request to transmit the chipcard identification data and, 
where appropriate, a random number for authentication 
purposes. Chipcard identification data as a minimum contain 
data relating to the chipcard type and the chipcard number. 
The client receives the response from the server and sends 
appropriate command APPUs to the chipcard in order to 
retrieve the chipcard identification data and, where 
appropriate, a random number. The chipcard identification 
data are stored in the nonvolatile memory of the chipcard 
and can be read by means of suitable commands. The chipcard 
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receives the commands and returns the chipcard 
identification data and, where appropriate, the random 
number to the client. The client sends these data in a 
request to the server. 

5 The server receives the request and evaluates the 

chipcard identification data to find out which keys have to 
be used, or to derive the necessary keys from Master Keys, 
in order to be able to download the application component A. 
The keys are used to prepare a command sequence for 

10 downloading of the application A from the server to the 

chipcard. This command sequence causes the application A to 
be created on the chipcard. The command sequence is a 
predefined sequence stored in the nonvolatile memory area of 
the server for a specific application. A further embodiment 

15 of the invention is that the command sequence is created in 
whole or in part with the aid of a program on the server. 
This is preferentially applied where card-specific data are 
also to be integrated into the on-card application component 
by means of the command sequence. Preferentially each 

20 command within the sequence is signed with the aid of the 
key (Session Keys) and encrypted as necessary. This can be 
effected, for example, by assigning the first command within 
the sequence a MAC (message authentication code) with the 
aid of the random number and the correct key, and assigning 

25 all subsequent commands a MAC based on the MAC of the 

preceding command and the correct key. The sequence with the 
signed and, where appropriate, encrypted commands is sent to 
the client. 
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The client receives the response with the command 
sequence and sends the commands consecutively to the 
chipcard. The chipcard checks the signature and only 
executes the commands if the signature is correct. 

FIG. 4 shows the inventive architecture in accordance 
with FIG. 3 in a Java implementation. 

On the client a Web Browser is run to enable the user 
to navigate to the Web page of the server. The Web page of 
the server contains the applet which implements the client 
program described in FIG. 3. When the Web page is displayed 
the applet is downloaded from the server to the Browser. The 
applet establishes a communication link to a servlet on the 
server. The servlet has the functionality of the server 
program. 

The procedure for downloading the on-card application 
component corresponds to that set out in FIG. 3. 

FIG. 5 shows the inventive steps for downloading of on- 
card application components from a server over a network to 
a chipcard in a Java implementation. 

It is assumed in this that a brokerage application 
stored on a server is to be loaded into the chipcard. 
Authentication keys are also stored on the server. 
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The client establishes communication with the chipcard 
and with the server. Communication with the chipcard is 
implemented by OCF (Open Card Framework) . 

The client sends a request to the server for the 
brokerage application (on-card application component) to be 
placed on the chipcard. The client and server communicate 
preferentially via TCP/IP or HTTP. 

The server sends a response to the client with the 
request to transmit the chipcard identification data 
(GetCardlnfo) . 

The client receives the response from the server and 
sends appropriate command APPUs to the chipcard in order to 
retrieve the chipcard identification data. The chipcard 
identification data are stored in the nonvolatile memory of 
the chipcard and can be read by means of suitable commands. 
The chipcard receives the commands and returns the chipcard 
identification data to the client. The client sends these 
data in a request to the server. 

The server receives the request and evaluates the 
chipcard identification data to find out the card type. An 
authentication method is chosen depending on the card type. 
In the present implementation the card type is a VISA Open 
Platform card with symmetrical keys. The first 
authentication step involves the server generating a random 
number and selecting a key number, and then sending that 
information packed in a command to the client. The client 
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extracts the OCF command and sends it to the OCF interface 
on the client computer. The OCF interface converts the OCF 
command into one or more APDUs and sends it /them to the 
chipcard. The chipcard receives the APDUs, identifies them 
5 as an authentication command, generates a random number, 
creates a Session Key from the two random numbers and the 
transmitted key, and thereby returns the random numbers in 
encrypted form. 

The client transmits the card's response to the server. 
10 The server likewise generates a Session Key from the two 
random numbers and the key number. With the aid of this 
Session Key it checks the encrypted random numbers. If the 
check is successful the card is classed as authenticated. 

The server sends a second authentication command to the 
15 client in order to authenticate itself according to the same 
method, as already described. If the check is successful the 
server is classed as authenticated. 

The brokerage application is signed on the server by 
means of the Session Keys and encrypted as necessary in 

20 order to be able to download the broker application. This 
command sequence causes the application A to be created on 
the chipcard. The command sequence is a predefined sequence 
stored in the nonvolatile memory area of the server. A 
further embodiment of the invention is that the command 

25 sequence is created in whole or in part with the aid of a 

program on the server. This is preferentially applied where 
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card-specific data are also to be integrated into the on- 
card application component by means of the command sequence. 

Preferentially each command within the sequence is 
signed with the aid of the key (Session Keys) and encrypted 
5 as necessary. This can be effected, for example^, by 
assigning the first command within the sequence a MAC 
(message authentication code) with the aid of the random 
number and the correct key and assigning all subsequent 
commands a MAC based on the MAC of the preceding command and 
10 the correct key. The sequence with the signed and, where 
appropriate, encrypted commands is sent to the client. 



The client receives the response with the command 
sequence and sends the commands consecutively to the 
chipcard. The chipcard checks the signature and only 
15 executes the commands if the signature is correct. 

The steps outlined can also be used to customize the 
new application/brokerage application. 

The present invention can be included in an article of 
manufacture (e.g., one or more computer program products) 
20 having, for instance, computer usable media. The media has 
embodied therein, for instance, computer readable program 
code means for providing and facilitating the capabilities 
of the present invention. The article of manufacture can be 
included as a part of a computer system or sold separately. 
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Additionally, at least one program storage device 
readable by a machine, tangibly embodying at least one 
program of instructions executable by the machine to perform 
the capabilities of the present invention can be provided. 

5 The flow diagrams depicted herein are just examples. 

There may be many variations to these diagrams or the steps 
(or operations) described therein without departing from the 
spirit of the invention. For instance, the steps may be 
performed in a differing order, or steps may be added, 

10 deleted or modified. All of these variations are considered 
a part of the claimed invention. 

Although preferred embodiments have been depicted and 
described in detail herein, it will be apparent to those 
skilled in the relevant art that various modifications, 
15 additions, substitutions and the like can be made without 
departing from the spirit of the invention and these are 
therefore considered to be within the scope of the invention 
as defined in the following claims. 
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Claims 



What is claimed is: 

1. Method for downloading application components from 
a server via a client to a chipcard, wherein the server and 
5 the client are interconnected via a distributed system, said 
method comprising: 

a) delivery of a secret key or Session Key 
by the server; 

b) loading of a sequence of commands to 
10 download the application component to the chipcard; 

c) generation of a digital signature with 
the secret key or Session Key by way of each command 
within the command sequence; 

d) transmission of the signed command 
15 sequence as a data packet to the client; 

e) unpacking of the data packet and 
transmission of the individual commands in sequence to 
the chipcard; and 

f) checking of the digital signature of the 
20 individual commands and execution of the commands if 

the digital signature is correct. 
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2. Method in accordance with Claim 1, wherein the 
authentication method for generation of the Session Key is 
selected by: 

a) transmission of a request from the server 
via the client to the chipcard to transmit the 
chipcard identification data stored on the chipcard; 

b) reading of the chipcard identification 
data from the nonvolatile memory of the chipcard and 
transmission of the chipcard identification data via 
the client to the server; and 



c) identification from the chipcard 
identification data of an authentication method by 
means of which a Session Key agreed between the server 
and the chipcard can be generated. 



DE919990073US1 



15 



3. Method in accordance with Claim 2, wherein the 
Session Key is determined by an authentication method 
comprising : 



a) generation of a random number and 
5 selection of a secret key by the server; 

b) transmission of the random number in 
accordance with step a) via the client to the 
chipcard; 

c) generation of a random number by the 

10 chipcard; 

d) creation from the two random numbers and 
the transmitted keys of a Session Key; 

e) transmission of the encrypted random 
numbers and the random number generated by the 

15 chipcard to the server; and 

f) generation of a Session Key by the server 
and checking of the encrypted random numbers with the 
aid of the Session Key. 

4. Method in accordance with Claim 1, wherein the 
20 distributed System is an intranet or an Internet. 
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5. Method in accordance with Claim 1, wherein 
communication between the server and the client runs via SSL 
(Secure Sockets Layer) as the transfer protocol. 

6. Method in accordance with Claim 1, wherein on the 
5 server a runtime program exists which communicates with the 

client and uses the keys accessible to the server as 
necessary, and defines the protocol specifying when which 
messages must be exchanged with the client and when which 
keys must be used; and that on the client a runtime program 
10 exists which communicates both with the chipcard and with 
the server and which implements the protocol defining when 
which messages must be exchanged with the chipcard and the 
server . 



7. Method in accordance with Claim 1, wherein the 
15 chipcard identification data as a minimum comprise a 

chipcard serial number and a chipcard type, 

8. Method in accordance with Claim 1, wherein the 
digital signature is executed by way of a symmetrical 
cryptoalgorithm with the aid of the Session Key agreed 

20 between the client and the server, or by way of an 

asymmetrical cryptoalgorithm with the aid of a private key 
located on the chipcard, wherein the server is in possession 
of the public key. 
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9. Method in accordance with Claim 8, wherein the 
symmetrical cryptoalgorithm is DES or Triple-DES and the 
asymmetrical cryptoalgorithm is RSA, DSA or an Elliptic 
Curve algorithm. 

10. Method in accordance with Claim 3, wherein the 
secret key is derived from the chipcard identification data 
and the Master Key. 

11. Method in accordance with Claim 1, wherein the 
command sequence as a minimum comprises an Install command, 
one or more Load commands and a final Install command, and 
is stored in an APDU structure. 

12. Method in accordance with Claim 1, wherein each 
command within the command sequence is encrypted by means of 
the Session Key. 

13. Method in accordance with Claim 1, wherein the 
command sequence is a predefined sequence for a specific 
application which is stored in the nonvolatile memory of the 
server and is loaded into volatile memory of the server 
during the program runtime. 
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14. Method in accordance with Claim 1^ wherein the 
command sequence is generated by the server program, and 
wherein on the server a runtime program exists which 
communicates with the client and uses the keys accessible to 

5 the server as necessary, and defines the protocol specifying 
when which messages must be exchanged with the client and 
when which keys must be used; and that on the client a 
runtime program exists which communicates both with the 
chipcard and with the server and which implements the 
10 protocol defining when which messages must be exchanged with 
the chipcard and the server. 

15. Method in accordance with Claim 14, wherein 
card-specific data are integrated into the command sequence. 

16. Method in accordance with Claim 13, wherein the 

15 first command within the sequence is assigned a MAC (message 
authentication code) with the aid of the random number and 
the secret key and all subsequent commands are assigned a 
MAC based on the MAC of the preceding command and the key. 
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17. Device including at least the following 
components : 

a) Client at least including: 

aa) a Browser 

bb) a computer program product to 
execute unpacking of a data packet and 
transmission of individual commands thereof 
in sequence to a chipcard 

cc) a reader for the chipcard 

b) Server including at least: 

aa) a computer program product to 
execute : 

i) delivery of a secret code or 
Session Key by the server 

ii) loading of a sequence of 
commands to download the application 
component to the chipcard 

iii) generation of a digital 
signature with the secret key or Session 
Key by way of each command within the 
command sequence 
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iv) transmission of the signed 
conimand sequence as a data packet to the 
client 



m 

hi 
m 
W 

■s. 

a 
Q 

u 
a 



bb) a nonvolatile memory to store the 
secret keys and the Master Key 

c) Communication link between client and 

server . 
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18. Client at least including: 



a) a Browser 

b) a computer program product to execute 
unpacking of a data packet and transmission of 
individual commands thereof in sequence to a chipcard. 
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19. Client in accordance with Claim 17 further 
including : 

c) a chipcard reader 

5 d) a chipcard with a nonvolatile memory at least 

containing the following data: 

aa) a card number 
bb) a card type 
cc) a secret key 



DE919990073US1 



23 



20. Computer program product stored in the internal 
memory of a digital computer, containing elements of 
software code to execute a method for downloading 
application components from a server via a client to a 
chipcard, wherein the server and the client are 
interconnected via a distributed system, said method 
comprising : 

a) delivery of a secret key or Session Key 
by the server; 

b) loading of a sequence of commands to 
download the application component to the chipcard; 

c) generation of a digital signature with 
the secret key or Session Key by way of each command 
within the command sequence; 

d) transmission of the signed command 
sequence as a data packet to the client; 

e) unpacking of the data packet and 
transmission of the individual commands in sequence to 
the chipcard; and 

f) checking of the digital signature of the 
individual commands and execution of the commands if 
the digital signature is correct. 

-k -k -k -k -k 
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SYSTEM AND METHOD FOR DOWNLOADING APPLICATION 
COMPONENTS TO A CHIPCARD 



Abstract of the Disclosure 

5 The present invention describes a method for 

downloading application components, so-called on-card 
application components, from a server via a client to a 
chipcard, wherein the server and the client communicate with 
each other via a distributed system, in particular an 

10 Intranet or the Internet. The advantages of the present 
invention lie in the fact that downloading of the 
application components is divided into two stages: The first 
stage occurs on the server only, and ensures that not every 
command to download the application component is sent 

15 individually over the network. This is effected by means of 
a broadband-optimized protocol which bundles the individual 
commands to download the application component into a 
command sequence and sends it as a complete data packet over 
the network. This reduces the time required for downloading 

20 application components over the network. Each command within 
the command sequence is assigned a digital signature and, 
where appropriate, encrypted. This ensures that only 
authenticated commands are accepted by the chipcard. In this 
way this invention meets security requirements for the 

25 transfer of data via distributed systems, in particular over 

the Internet. The second stage occurs between the client 

and the chipcard, and ensures that the data packets are 

unpacked and sent individually to the chipcard. All 

security-relevant keys and certificates are stored on the 
DE919990073US1 25 



secure server. Communication between the client and the 
server runs preferentially via SSL (Secure Sockets Layer) as 
the transfer protocol. Misuse of the inventive system/method 
is thereby rendered much more difficult. 
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